Hackers are selling the data of millions lifted from 23andMe’s genetic database

Illustration: Beatrice Sala

23andMe posted a blog yesterday saying that data from users of its genetic testing and analysis platform has been circulating on dark web forums after hackers used recycled logins to get into accounts. BleepingComputer wrote on Thursday that a hacker leaked what they said was “1 million lines of data” for Ashkenazi Jewish people before saying they would sell stolen 23andMe data for $1 – $10 per account. The data includes users’ names, profile photos, genetic ancestry results, date of birth, and geographical location.

The company confirmed to BleepingComputer that the data is legitimate in a statement it also shared in an email to The Verge. In the statement, 23andMe managing editor Scott Hadly wrote that “the preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials.” He added that there was no indication of “a security incident within our systems.” BleepingComputer reports other users’ data was scraped using one of 23andMe’s own opt-in features, called “DNA Relatives.”

23andMe’s blog post gives links to its instructions for password resets and multi-factor authentication setup. The company included a link to its privacy and security checkup page and said users who need help can email its support team.

As many as 7 million accounts may be in the sale, PCMag reported on Wednesday, citing a post from Dark Web Informer that shared screenshots of another now-deleted hacker forum post. That’s roughly half the total number of users on 23andMe’s platform. According to Ars Technica, hackers claimed that 23andMe’s CEO knew about the leaked data two months prior, but didn’t disclose the incident.

1/2 A threat actor has allegedly leaked data from 23andMe @23andMe. They claim the data has a list of half of the users of 23andMe; 7 million. The data includes a lot of confidential information. #23andMe #DNA #Clearnet #DarkWeb #DarkWebInformer #Database #Leaks #Leaked pic.twitter.com/OAj1m0gjgx

— Dark Web Informer (@DarkWebInformer) October 3, 2023

Meanwhile, 23andMe has posted this message from a support account:

Following a claim that someone had gained access to and is selling certain 23andMe customer data, we conducted an investigation. We have not identified any unauthorized access to our systems. We will continue to monitor the situation.

— 23andMeSupport (@23andMeSupport) October 6, 2023

Update October 7th, 2023, 1:59PM ET: Updated with information from 23andMe’s blog post about the leaked data.
